fbpx

About admin

This author has not yet filled in any details.
So far admin has created 51 blog entries.

ISO27001 – Control 5.15 – Access Control

By |2024-11-24T16:48:08+00:00November 25th, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.15 - Access Control Control 5.15 Wording Control 5.15 - Access Control states "Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements." What this means Control 5.15 - At its core, access control is about ensuring the right people have access to the right resources at the right time. Think of it as a sophisticated bouncer for your business assets, both digital and physical. It's not [...]

We’ve got ISO27001 Certification, Now what?

By |2024-11-17T18:07:25+00:00November 18th, 2024|BUSINESS, ISO27001 Certification|

We've Got ISO 27001 - Now What? You've done it. The audits are complete, the certificate is on the wall and the website, and everyone's breathing a collective sigh of relief that all the work has finally paid off. But if you think getting ISO 27001 certified was the hard part and it's all downhill from here, think again. ISO 27001 maintenance isn't just about keeping your certificate on the wall. It's about turning those hard-won security practices into business value. While getting certified is a [...]

ISO27001 – Control 5.14 – Information Transfer

By |2024-11-09T16:25:08+00:00November 11th, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.14 - Information Transfer Control 5.14 Wording Control 5.14 - information transfer states "Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties". What this means Control 5.15 - information transfer is aiming to ensure that any information transfer processes are robust and secure and available to all within the organisation. The most obvious means of data transfer is email but there is also the consideration [...]

5 Information Security Mistakes That Could Cost You Your Business

By |2024-11-02T11:51:16+00:00November 4th, 2024|Cyber Security, Information Security|

5 Information Security Mistakes That Could Cost You Your Business Information security mistakes can devastate UK businesses of any size. In today's digital landscape, these information security mistakes aren't just IT concerns - they're fundamental business risks that UK organisations cannot afford to ignore. With data breaches costing  companies an average of £3.7 million according to IBM's 2024 Cost of a Data Breach Report, even seemingly minor security oversights can have devastating consequences. 1. Assuming Compliance Equals Security Many UK businesses make the critical error of [...]

UK Procurement Trends: Why Your Company’s Security Posture Matters More Than Ever

By |2024-10-26T10:22:02+01:00October 28th, 2024|Information Security|

UK Procurement Trends: Why Your Company's Security Posture Matters More Than Ever In today's business landscape, UK companies are experiencing a significant shift in how clients evaluate and select their suppliers. A clear trend has emerged: a good security posture has moved from a "nice-to-have" to a critical deciding factor in procurement decisions. Potential clients are reviewing suppliers security requirements to ensure that they have secure practices in place as part of the procurement process. For managers focused on growth and efficiency, understanding this shift could [...]

ISO27001 – Control 5.13 – Labelling of Information

By |2024-10-17T16:57:49+01:00October 21st, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.13 - Labelling of Information Control 5.13 Wording An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization. What this means This is the followup control to 5.12 - Classification. This control is designed to make sure that all business assets are labelled as part of securing information within the organisation. It's all about marking your data so everyone knows how to handle it properly. Let's break down [...]

Why Change Management is Crucial for ISO27001 Compliance

By |2024-10-17T16:59:57+01:00October 14th, 2024|Information Security, ISO 27001 Controls|

The Silent Revolution: Why Change Management is Crucial for ISO27001 Compliance In the world of information security, we often focus on the big, dramatic changes - major system overhauls, new technology implementations, or responding to high-profile security incidents. But what about the small, almost imperceptible changes that happen every day? As it turns out, these can be just as critical to your ISO27001 compliance. The Constant Nature of Change Change is not just inevitable—it's constant. Lots of the time, we don't even notice it happening. A [...]

Practical Climate Change Considerations for ISO 27001

By |2024-10-11T14:20:05+01:00October 7th, 2024|ISO27001 Certification|

Practical Climate Actions in ISO 27001: Small Steps, Big Impact ISO 27001 requires organisations to consider the impact of climate change as part of their certification. Although the sentence in the standard states "The organization shall determine whether climate change is a relevant issue", we all know that deciding climate change is not an issue for your organisation may not work in accordance with the standard. It can therefore be a challenge to identify practical, implementable steps to consider as part of the Climate Change requirements. [...]

ISO 27001 and Climate Change: Understanding the Connection

By |2024-09-29T17:06:40+01:00September 30th, 2024|ISO27001 Certification|

ISO 27001 and Climate Change: Understanding the Connection As part of the updating that took place to ISO27001, two sentence were added to clause 4. These sentences are "The organization shall determine whether climate change is a relevant issue" and "Relevant interested parties can have requirements related to climate change". Organisations are increasingly recognising the importance of addressing climate change as part of their overall risk management strategy and the inclusion in the standard reflects the growing understanding that environmental factors can have on an organisation's [...]

Configuration Management in ISO 27001

By |2024-09-24T14:25:30+01:00September 23rd, 2024|Cyber Security, ISO27001 Certification, ISO27001 Implementation|

Configuration Management in ISO 27001 plays a crucial role in maintaining the integrity, availability, and confidentiality of an organisation's IT assets. For organisations implementing ISO 27001, an effective configuration management process is not just beneficial—it's essential. This blog post explores the importance of configuration management within the ISO 27001 framework and provides guidance on its implementation. Understanding Configuration Management in ISO 27001 Configuration management involves identifying, controlling, maintaining, and verifying the versions of all critical assets within an organisation's IT environment. Key Objectives: 1. Ensure that [...]

Go to Top